Legal

Privacy Policy

In plain English: what we collect, how we use it, who we share it with, and your rights. If anything's unclear, email us — we'll explain.

Last updated: May 21, 2026 · Effective: May 21, 2026

Privacy at a glance

  • We collect only what we need to run your account, dispatch your crew, and pay your workers.
  • We never sell your data, and we never use it to train AI models.
  • Payments run through Stripe — we never see your card number.
  • AI work order extraction runs through Groq under a no-training agreement.
  • Your business data is isolated from other customers by per-tenant database controls.
  • You can export everything and delete your account at any time, from your settings.

This Privacy Policy explains how Intellimark Group LLC, doing business as FieldNotch ("FieldNotch," "we," "us," or "our"), collects, uses, shares, and protects information when you use our website at fieldnotch.com, our web application, our mobile apps for iOS and Android, and related services (together, the "Service"). It applies to anyone who uses the Service — business owners, dispatchers, office staff, workers, and visitors to our marketing site.

Plain-language summary: This is the legal document. The summary box above tells you what most people actually want to know. The sections below cover the specifics for lawyers, compliance reviewers, and anyone who reads privacy policies for fun.

1. Who we are

FieldNotch is operated by Intellimark Group LLC, a Georgia limited liability company. FieldNotch is an operations platform for subcontractor businesses — companies that take work from upstream vendors (general contractors, property preservation networks, restoration networks, etc.) and dispatch it to their own crews. We are the "data controller" for information about our direct account holders (your business) and a "data processor" for information you upload about your customers, work orders, employees, and contractors.

If you have questions about how your data is handled, contact us at privacy@fieldnotch.com.

2. What information we collect

2.1 Information you give us

  • Account information — your name, email address, password (hashed), company name, role, and phone number (optional).
  • Billing information — billing address, business name, plan selection. We do not store or process credit card numbers. Payment details are handled directly by our payment processor, Stripe, and stored in their PCI-compliant infrastructure.
  • Customer business data — work orders, vendor information, employee records, contractor records, time entries, invoices, payroll runs, photos, and notes you upload or create in the Service.
  • Communications — emails, chat messages, and feedback you send us.

2.2 Information collected automatically

  • Usage data — pages viewed, features used, time spent, clicks, and other interaction patterns.
  • Device and log data — IP address, browser type, operating system, device identifiers, language, and timestamps.
  • Cookies and similar technologies — see Section 2.5.

2.3 Information from mobile apps (worker app)

  • Location data — collected only when a worker is actively clocked into a job, and only at the resolution needed to verify job-site presence. Background location is never collected. Workers can disable location sharing in their device settings, though this may reduce some features.
  • Photos and attachments — completion photos and other job documentation workers upload.
  • Camera and storage permissions — used only when the worker actively chooses to attach a photo.

2.4 Information from work order PDFs

When you upload a vendor work order PDF, FieldNotch uses AI to extract structured fields (address, scope, contacts, due dates, materials, PO numbers). The PDF and extracted text are processed by our AI provider, Groq Inc., under a contractual agreement that prohibits using your data to train models. Extracted data is stored in your account and never used for any purpose outside serving you.

2.5 Cookies and tracking

We use a small number of cookies and similar technologies:

  • Strictly necessary — session cookies that keep you logged in and remember your preferences. These cannot be disabled.
  • Analytics — we use a privacy-focused analytics tool (Plausible) that does not use cookies and does not track individual users across sites.
  • No advertising cookies — we do not run ads, retargeting pixels, or third-party advertising trackers.

3. How we use information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process payments and manage your subscription
  • Send transactional emails (account verification, password resets, payment receipts, work order assignments, payroll notifications)
  • Respond to your support requests
  • Investigate and prevent security incidents, fraud, and abuse
  • Comply with legal obligations (tax records, court orders, regulatory requests)
  • Send you occasional product update emails — which you can unsubscribe from with one click

We do not:

  • Sell your personal information or your business data to third parties
  • Use your customer business data to train AI models — ours or anyone else's
  • Share your data across customer accounts
  • Profile you or your workers for advertising

4. Who we share information with

We share information only with the third-party service providers that help us run FieldNotch. Each one is bound by a Data Processing Agreement (DPA) and has access only to the data they need to do their job.

Sub-processor Purpose Location
Stripe, Inc. Payment processing United States
Groq, Inc. AI work order extraction United States
Amazon Web Services Hosting, storage, file uploads United States (us-east-1)
Resend Transactional email delivery United States
Twilio SMS notifications (opt-in) United States
Intuit (QuickBooks Online) Invoice and payroll sync (opt-in) United States
Plausible Analytics Privacy-friendly site analytics European Union
Sentry Error monitoring United States

We may also share information when legally required (subpoena, court order, regulatory request), in connection with a corporate transaction (merger, acquisition, asset sale — in which case we'll notify you in advance), or with your explicit consent.

5. Data retention

We keep your data for as long as your account is active. When you cancel:

  • Account data is retained for 30 days, then permanently deleted from our production systems.
  • Encrypted backups are retained for an additional 60 days before being purged on a rolling basis.
  • Financial records (invoices, payment history) are retained for 7 years to comply with US tax and accounting law.
  • Anonymized usage statistics may be retained indefinitely for product analytics.

You can export all your data at any time before cancellation by visiting Settings → Data Export. Exports are available in CSV, PDF, and JSON formats.

6. Security

We take the protection of your data seriously. Our security measures include:

  • Encryption in transit — all traffic uses TLS 1.2 or higher (HTTPS).
  • Encryption at rest — databases and file storage use AES-256 encryption.
  • Per-tenant isolation — each customer's data is logically separated using PostgreSQL row-level security; one customer cannot access another's data, even in the event of an application bug.
  • Access controls — internal access to production systems requires multi-factor authentication and is limited to engineers with a documented need.
  • Audit logging — significant actions in both the application and our infrastructure are logged.
  • Vulnerability management — dependencies are scanned for known vulnerabilities daily; security patches are applied promptly.
  • Incident response — we maintain a documented incident response procedure and will notify affected customers within 72 hours of confirming a data breach involving their information.

We are in the process of completing a SOC 2 Type II audit. If you'd like a copy of our security overview or have specific compliance questions, contact security@fieldnotch.com.

7. Your rights

Depending on your location, you may have the following rights regarding your personal information:

For all users

  • Access — view what data we have about you from your account Settings, or request a full export by emailing us.
  • Correction — update inaccurate or incomplete information in your account.
  • Deletion — delete your account and associated data from your account Settings.
  • Export — download your data in machine-readable format (CSV, JSON, PDF).
  • Opt out of marketing — unsubscribe from product update emails with the link in every email.

California residents (CCPA / CPRA)

You have additional rights under the California Consumer Privacy Act and California Privacy Rights Act, including the right to know what personal information we have collected, the right to delete it, the right to correct it, the right to limit the use of sensitive personal information, and the right not to be discriminated against for exercising these rights. To exercise these rights, email privacy@fieldnotch.com. We will respond within 45 days.

We do not "sell" personal information as defined by CCPA, and we do not "share" personal information for cross-context behavioral advertising.

EEA, UK, and Swiss residents (GDPR)

If you are in the European Economic Area, United Kingdom, or Switzerland, you have rights under GDPR including access, rectification, erasure, restriction of processing, data portability, and the right to object. Our lawful bases for processing are contract performance (to provide the Service you've signed up for), legitimate interests (improving the Service, preventing fraud), and consent (where you've given it, such as for SMS notifications).

To exercise GDPR rights, email privacy@fieldnotch.com. You also have the right to lodge a complaint with your local data protection authority.

Canadian residents (PIPEDA)

You have rights under the Personal Information Protection and Electronic Documents Act, including the right to access your personal information and request corrections. Contact privacy@fieldnotch.com to exercise these rights.

8. International data transfers

FieldNotch is operated from the United States. If you access the Service from outside the US, your information will be transferred to, stored, and processed in the United States. For transfers from the EEA, UK, or Switzerland, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework where applicable. Our sub-processors that handle EEA personal data have signed SCCs with us.

9. Children's privacy

FieldNotch is a business-to-business service intended for use by adults running subcontractor businesses. The Service is not directed to children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected information from a minor, contact us at privacy@fieldnotch.com and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we'll change the "Last updated" date at the top of this page and, for material changes, notify you by email at least 30 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

Previous versions of this policy are available on request.

11. Contact us

If you have questions, complaints, or want to exercise any of the rights described above:

We aim to respond to all privacy requests within 7 business days, and to fulfill verified requests within 30 days (or 45 days for CCPA requests, with the option to extend by another 45 days if needed).

One more thing: If you're our customer and you process personal data about your own customers or employees through FieldNotch, you are the data controller for that information. We act as your processor. If you need a signed Data Processing Agreement (DPA), email privacy@fieldnotch.com — we have a standard DPA ready to sign.